An update for qemu-kvm-rhev is now available for Red Hat EnterpriseVirtualization.
KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linuxon AMD64 and Intel 64 systems.

The qemu-kvm-rhev package provides the user-spacecomponent for running virtual machines using KVM in environments managed by RedHat Enterprise Virtualization Manager.An out-of-bounds read/write access flaw was found in the way QEMU’s VGAemulation with VESA BIOS Extensions (VBE) support performed read/writeoperations via I/O port methods.

A privileged guest user could use this flaw toexecute arbitrary code on the host with the privileges of the host’s QEMUprocess. (CVE-2016-3710)

For details on how to apply this update, which includes the changes described inthis advisory, refer to: installing this update, shut down all running virtual machines. Once allvirtual machines have shut down, start them again for this update to takeeffect.
Updated packages
Red Hat Enterprise Virtualization 3

    MD5: 2112b36590be603572983d21825bde51SHA-256: 870ac77842846533aa8c1bbc9ff11bd8278a58f4f1a1b1b70de328ac415ca6cb
    MD5: 1b0140e1110d2b7fb0c473406d80d100SHA-256: ecd50eab27fe0eac8919ee12ba68ab2199ea92ddda718bb6b91dc13c9395e1bc
    MD5: 9a0bd288a37ea76f8d5d18dd13bfd93fSHA-256: e80f3108dcfbc373b5be8ad08245b356ef5f57991e448a162777468359f20d9a
    MD5: 0097d14a656e23a1dee11648e4528dfcSHA-256: b1773eca0ee96c916740a2f56ade2df9ba8f7e05e8468eb17bcd28f39225ac95
    MD5: 43b924be8b8f81d54667e9c6872ef415SHA-256: e62284b1fbfd1f21e2454fb335f24de0c3e81e676037b740572f97017f883c40
(The unlinked packages above are only available from the Red Hat Network)

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
The Red Hat security contact is More contact details at

Leave a Reply